User Guide

STPro Firewall and NAPT
17 Network Security - Firewalling
3EC 36231 ABAA TCZZA Ed. 01
17.5 Firewalling and NAPT
The position of the Input, Static NA(P)T, Dynamic NA(P)T, Forward
and Output logical processing modules in the overall STPro
Firewall model is relative to the traffic direction. In contrast, the
STPro's WAN and LAN interfaces are physical interfaces; their
position is not relative to the traffic direction.
The Dynamic NA(P)T module is situated between the Forward and
Output hooks (see the STPro Firewall model). Because input and
output are determined by the traffic direction, the Dynamic NA(P)T
module can always be positioned between the Forward and Output
modules.
If you set rules on a hook, you should know whether the packets
that pass through that hook contain NA(P)T-translated IP addresses
or not.
If rules are set on the Output hook and NA(P)T is active, the IP
packets that pass that hook will contain translated IP addresses.
If you want to block certain traffic by setting rules that filter on
certain (ranges of) IP addresses, you should be aware of the
location where the rule will be verified: depending on the hook,
the Firewall will see a different IP address.
In conclusion: if NA(P)T is activated, the IP address that
identifies a local device will be different depending on the
direction of the traffic.
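
The effect described above, as an added Python example (a simplified model, not STPro code or configuration syntax): the same "block this local device" rule is attached first to the Forward hook and then to the Output hook, with address translation applied between the two. All addresses and the class and function names are constructed for illustration, ports are omitted, and the model assumes reply traffic is translated back at the same position between Forward and Output.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# All addresses are constructed sample values (RFC 1918 / RFC 5737 ranges).
LAN_NET = ip_network("192.168.1.0/24")
WAN_ADDR = "203.0.113.10"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class DynamicNat:
    """Toy address-only dynamic NAT (ports omitted), one session per remote host."""
    def __init__(self):
        self.sessions = {}  # remote address -> local address

    def translate(self, pkt):
        if ip_address(pkt.src) in LAN_NET:        # LAN -> WAN: rewrite the source
            self.sessions[pkt.dst] = pkt.src
            return replace(pkt, src=WAN_ADDR)
        if pkt.dst == WAN_ADDR and pkt.src in self.sessions:
            return replace(pkt, dst=self.sessions[pkt.src])  # reply: restore destination
        return pkt

def traverse(pkt, nat, hook, blocked):
    """Pass pkt through Forward -> Dynamic NA(P)T -> Output with one drop rule for
    network `blocked` attached to `hook` (None = no rule). Returns (verdict, seen)."""
    seen = {}
    for name in ("forward", "output"):
        if name == "output":                      # translation sits between the two hooks
            pkt = nat.translate(pkt)
        seen[name] = (pkt.src, pkt.dst)           # addresses a rule on this hook sees
        if name == hook and any(ip_address(a) in blocked for a in seen[name]):
            return "dropped", seen
    return "passed", seen

def compare_hooks(local="192.168.1.50", remote="198.51.100.7"):
    """Verdict for the same 'block this local device' rule per hook and direction."""
    blocked = ip_network(local + "/32")
    verdicts = {}
    for hook in ("forward", "output"):
        nat = DynamicNat()
        traverse(Packet(local, remote), nat, None, blocked)   # establish the session
        verdicts[hook, "outbound"] = traverse(Packet(local, remote), nat, hook, blocked)[0]
        verdicts[hook, "reply"] = traverse(Packet(remote, WAN_ADDR), nat, hook, blocked)[0]
    return verdicts

if __name__ == "__main__":
    for key, verdict in compare_hooks().items():
        print(key, verdict)
```

In this model a rule written against the local address catches outbound packets only on the Forward hook and reply packets only on the Output hook; the other combinations pass because the hook sees the translated address instead.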